SSO
SSO enables authentication via an organization's Identity Provider (IdP), such as Google Workspace or Okta, instead of managing usernames and passwords. Phase Two IdP connections support the SAML and OpenID Connect standard protocols.
You can add and manage IdP connections through the Admin UI under the "Identity Providers" section. Documentation for the administration of IdPs can be found in the Keycloak server administration docs.
If you have enabled the Organization customer portal, or are using the Phase Two Connect onboarding wizards, your customers can manage their IdP connections on their own.
📄️ Setup
Once you have set up the authentication flow for SSO as described in the previous section, SSO, you can create connections to the Organizations' identity providers and then associate them with the Organizations they represent.
📄️ Wizards
The identity provider setup wizards give you a guided way to configure SSO and directory sync without working directly in the full Keycloak UI. They are the same flows used in the Admin Portal and in the Phase Two Connect onboarding experience.
📄️ SSO Without Auth
Many Phase Two customers use their own authentication and user management systems, and only rely on Phase Two for its comprehensive SSO support. It is not required to use both in order to get the full power of our SSO integrations and customer self-management portal.